---
layout: docs
page_title: 'nomad sentinel apply command reference'
description: >
  The `nomad sentinel apply` command creates or updates a Sentinel policy in Nomad Enterprise.
---

# `nomad sentinel apply` command reference

The `sentinel apply` command is used to write a new, or update an existing,
Sentinel policy.

<EnterpriseAlert product="nomad"/>

## Usage

```plaintext
nomad sentinel apply [options] <Policy Name> <Policy File>
```

The `sentinel apply` command requires two arguments, the policy name and the
policy file. The policy file can be read from stdin by specifying "-" as the
file name.

Additionally, you must specify the `-scope` option. Refer to the [`-scope` field
description](/nomad/commands/sentinel/apply#scope) for more information.

Sentinel commands are only available when ACLs are enabled. This command
requires a management token.

## Options

- `-description` : Sets a human readable description for the policy

- `-scope` : Required. Sets the scope of the policy and when it
  should be enforced. Specify one of the following:

  - The `submit-job` scope for registering jobs
  - The `submit-host-volume` scope for creating or updating dynamic host
    volumes.

  Refer to the [Sentinel guide](/nomad/docs/reference/sentinel-policy) for scope details.

- `-level` : (default: advisory) Sets the enforcement level of the policy. Must
  be one of advisory, soft-mandatory, hard-mandatory.

## Examples

Write a policy:

```shell-session
$ nomad sentinel write -scope "submit-job" -description "My test policy" foo test.sentinel
Successfully wrote "foo" Sentinel policy!
```

## General options

@include 'general_options_no_namespace.mdx'
